Connection to red team domain
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Goal
Detect when a connection is established to a domain used for penetration testing.
Strategy
Some application security testing tools use common domains. For example, the web application security platform Burp Suite uses burpcollaborator[.]net
in some payloads. These services assist in determining if an attack was successful. This detection contains a list of known domains used for penetration testing.
The tools in this rule are free to use or open-source. Use is not limited to ethical penetration testing teams.
Triage and response
- Determine the process that made the connection.
- Review related signals, application traces, and related logs to understand the full timeline of the incident.
- Isolate the workload, preserving it for analysis.
- Find and repair the root cause of the incident.
This detection is based on data from Cloud Network Monitoring.